k8 default service account token not found

3/23/2017

I have 3 kube masters running and 5 agent nodes. When deploying one of the pods, it fails to start up with the message below:

2017-03-23T01:47:25.164033000Z I0323 01:47:25.160242       1 main.go:41] Starting NGINX Ingress controller Version 0.7.0
2017-03-23T01:47:25.165148000Z F0323 01:47:25.164609       1 main.go:55] Failed to create client: open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory.

How do I generate certs for 3 masters? I tried on one of the masters and copied the files to the other 2 servers, but kube-apiserver failed to start up.

./make-ca-cert.sh master1_ip IP:master2_ip,IP:master3_ip,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local

/etc/kubernetes/apiserver config
KUBE_API_ARGS="--client-ca-file=/srv/kubernetes/ca.crt --tls-cert-file=/srv/kubernetes/server.cert --tls-private-key-file=/srv/kubernetes/server.key"

/etc/kubernetes/controller-manager
KUBE_CONTROLLER_MANAGER_ARGS="--root-ca-file=/srv/kubernetes/ca.crt --service-account-private-key-file=/srv/kubernetes/server.key"

/srv/kubernetes files

kubernetes]# ls -ltr
total 28
-rw-rw----. 1 root root 1216 Mar 21 15:12 ca.crt
-rw-rw----. 1 root root 1704 Mar 21 15:12 server.key
-rw-rw----. 1 root root 4870 Mar 21 15:12 server.cert
-rw-------. 1 root root 1704 Mar 21 15:12 kubecfg.key
-rw-------. 1 root root 4466 Mar 21 15:12 kubecfg.crt


# kubectl get serviceaccounts
NAME      SECRETS   AGE
default   0         11d
-- John
kubernetes

2 Answers

4/26/2017

As surajd said, make sure you have all the necessary hostnames in your apiserver certificate, including the service IP just to make sure.

Are your masters already running when you copy the certs? Try refreshing the tokens by deleting/recreating them.

Also make sure that you only use 1 CA to generate them all, as all masters need to have the same CA!

Maybe share the make-ca-cert.sh script so I can have a look.

-- jonas kint
Source: StackOverflow

4/22/2017

You generate certificates on one machine and then copy over to the others. What you have done is the right thing.

But when you generate the server certificates make sure you put the IP address or the hostnames of the machines.

Here is an awesome tutorial that you can follow to do that. It's not from the official docs but has the credibility of official docs.

-- surajd
Source: StackOverflow
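
Both answers above come down to checking which names and addresses the apiserver certificate actually carries. The following is an added example, not part of either answer or of make-ca-cert.sh: a shell helper that lists the required SANs a certificate is missing. The function names, the script name check-sans.sh and the sample addresses (192.0.2.x masters, 10.254.0.1 service IP) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report SANs an apiserver certificate is missing.
# All addresses used with it here are constructed placeholders.

# Read `openssl x509 -noout -text` output on stdin and print the SAN
# entries one per line. openssl prints "IP Address:", make-ca-cert.sh
# takes "IP:", so entries are normalised to the IP:/DNS: form.
sans_from_text() {
  sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
    | tr ',' '\n' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
          -e 's/^IP Address:/IP:/' -e '/^$/d'
}

# Print the SAN entries of the PEM certificate in file $1 (needs openssl).
cert_sans() {
  openssl x509 -in "$1" -noout -text | sans_from_text
}

# missing_sans SAN_LIST REQUIRED...
# SAN_LIST is the newline-separated output of cert_sans. Prints every
# REQUIRED entry that is absent. Matching is whole-line and literal, so
# DNS:kubernetes.default does not satisfy DNS:kubernetes.default.svc.
missing_sans() {
  _have=$1
  shift
  for _want in "$@"; do
    printf '%s\n' "$_have" | grep -qxF -- "$_want" || printf '%s\n' "$_want"
  done
}

# Usage: sh check-sans.sh CERT REQUIRED_SAN...
# Run it on every master, e.g. (placeholder addresses):
#   sh check-sans.sh /srv/kubernetes/server.cert IP:192.0.2.11 \
#     IP:192.0.2.12 IP:192.0.2.13 IP:10.254.0.1 DNS:kubernetes
if [ "$#" -ge 2 ]; then
  _cert=$1
  shift
  _missing=$(missing_sans "$(cert_sans "$_cert")" "$@")
  if [ -n "$_missing" ]; then
    echo "missing from $_cert:"; echo "$_missing"; exit 1
  fi
  echo "all required SANs present in $_cert"
fi
```

Running the same check against the certificate on each master also shows whether the copied files are identical, since a master with a different certificate reports a different set of missing entries.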